
PIX Site to Site VPN with ISDN Backup Dial?

patrick.bolt
Level 1

Hello

I have to implement a VPN connection (PIX to PIX with IPsec) from a branch office to the headquarters. There will be some type of Internet connection (DSL or leased line with public IPs) at the branch office. The VPN config is straightforward, but the business requirements are that there must exist an ISDN backup directly into the headquarters.

Has anyone any idea how to design that network? My primary problem is the routing of traffic between headquarters and branch. OSPF cannot be used with ISDN, and static routes are not changed in case of VPN failure to point to ISDN. ISDN backup dial interfaces are also not possible due to different devices.

Thanks for some idea

Patrik

5 Replies

spremkumar
Level 9

Hi

I feel you may be using a router to dial out for the backup purpose.

In this case, is it possible to find out the chances of terminating the LL or DSL line in the router itself?

So that the router can take care of the routing part and your PIX doesn't need to worry about that.

It will take care of the VPN connectivity irrespective of reachability through LL or ISDN.

To be precise, you can configure the default route in your PIX pointing to the router's Ethernet interface.

On your router, configure the reachability to the locations using a static route via the primary link and add a floating static route, i.e., with some admin distance, via the ISDN backup link.

regds

Thanks

This solution doesn't meet the security requirements. In this case the router outside the firewall connects directly into the company net over ISDN. The ISDN router must stay behind the PIX in a high security level network segment. A solution could be a router outside the PIX with ISDN dialing into an ISP. The PIX could use ISDN or DSL transparently. But what to do if the headquarters PIX or Internet connection is down? In this case the VPN is also down.

Can you see the problem?

Thanks and Greets Patrik

hi

I was quoting keeping the kind of scenario/topology as attached with this post.

I would also suggest you put it in a diagram stating how your PIX is connecting now directly via DSL on both ends and where you are going to place the router for ISDN dial back.

regs

One more question from me: while the main line is down (VPN via ISDN), the ISDN line is always UP, regardless of there being no interesting traffic to send through the VPN (for example: branch office closed for the weekend).

Regards,

Claudio

Hi

Interesting traffic can be specified using dialer-list. I think by default you have all the protocols/traffic triggering the ISDN and keeping it on.

Would suggest to check out the same using an ACL matching only the interesting traffic (matching your local LAN and the remote local LAN).

Also will be needing more info, like whether you have deployed any routing protocol out there in your router to take care of the routing part.

regds
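
The floating static route and the interesting-traffic filter suggested in the replies above, as an added Cisco IOS configuration example that is not from any of the posters. All addresses, the dial string, interface names and list numbers are constructed assumptions, and ISDN switch-type and CHAP credentials are left to the site.

```cisco
! Constructed example. Assumed addressing:
!   branch LAN        10.2.0.0/24
!   headquarters LAN  10.1.0.0/16
!   primary next hop  192.0.2.1
!
! Primary path: static route to the headquarters LAN via the primary link.
ip route 10.1.0.0 255.255.0.0 192.0.2.1
!
! Floating static: same prefix via the ISDN dialer with administrative
! distance 200. It is installed only when the primary route is withdrawn
! from the routing table (for example, the primary interface goes down).
ip route 10.1.0.0 255.255.0.0 Dialer1 200
!
! Interesting traffic: only branch LAN to headquarters LAN may bring the
! call up or reset the idle timer. Broadcasts and other traffic do not.
access-list 101 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.255.255
dialer-list 1 protocol ip list 101
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
!
interface Dialer1
 ip address 172.16.0.2 255.255.255.252
 encapsulation ppp
 dialer pool 1
 dialer string 5550100
 ! Ties this interface to dialer-list 1 above.
 dialer-group 1
 ! Drop the call after 120 seconds without interesting traffic.
 dialer idle-timeout 120
 ppp authentication chap
```

With the filter limited to LAN-to-LAN traffic and an idle timeout set, the ISDN call is torn down when the branch is quiet instead of staying up for the whole outage.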
